Featured Entry

Happy99 is an email worm coded by 29A contributor Spanska. The coder described it as "sympathetic hitchhiker who uses your internet connection to travel, and thank you for the trip with a small animation", displaying fireworks when executed.

One of its more interesting features is its modification of the WSOCK32.DLL file, which it uses to spread. Every time the user sends an email or news post, the worm sends a second email or news post containing a copy of itself. Because of its ability to infect a file, its status as a virus or worm was disputed, even by its coder. The fact that it requires user interaction also gave it some trojan aspects.

Announcements

Reports of our death have been greatly exaggerated. True, it has been a very long time since we last produced an entry for the wiki. Our professional and personal lives over the past few months have made it extremely difficult to devote time to this labor of love, but most of us are still very much on it. New entries will continue to be few and far between for the foreseeable future. However, we will still be very much here, unless Wikidot folds and pulls the plug on the server, which is pretty unlikely to happen.

The Virus Encyclopedia will begin hosting some files on our own designated media page. We have hard drives, optical media and even floppy diskettes we have collected over the years filled with information that does not seem to be available anywhere else and occasionally we find something useful for one of our entries. The media is so far pretty disorganized, though we will be making an effort to put it all in one place and freely share it (where copyrights are not an issue) with everyone interested. In the meantime, when we find something from these files that is relevant to more than one page, we will upload it as an attachment to the Media page (there are only 2 entries as of this writing) and create a link to it.

News

The NSA may have had a hand in the Stuxnet worm, according to recently leaked documents. Long thought to be the work of the CIA and Israeli Mossad, a recent leak by the "Shadow Brokers" hacking organization included a tool by the NSA that was nearly identical to one used in Stuxnet. It was last compiled on 2010.09.09, a few months after the discovery of Stuxnet. Researcher Liam O'Murchu says there is definitely a strong connection but no proof that the tool confirms a link to Stuxnet and the CIA. A Python script contained in the leak displays an ASCII medal with the text “Won the gold medal!!!” above it, a possible reference to the "Olympic Games" codename of the project creating Stuxnet.

After 14 years of inactivity, the Slammer worm has made a mysterious comeback. The worm made brief spikes in late November and early December of last year. The attacks primarily came from China, Vietnam, Mexico and Ukraine, though the US, Russia, Thailand, Venezuela and Argentina. No one seems to know how or why the 14-year-old worm, which is very specific to a vulnerability that should be patched and a port that should be closed, was able to make a comeback, but there is a lot of room for speculation.

Featured Image

Mylife is a family of destructive worms, most of which delete important system files. Most variants of the worm entice victims to open an email attachment with the promise of a picture. It usually delivers on this promise, displaying some kind of picture once the attachment is executed. The first one (pictured) is an image of a young girl, allegedly the love of the sender's life. Later variants had a political slant, featuring former US president Bill Clinton and former Israeli prime minister Ariel Sharon in their images. In addition to the pictures they display, Mylife often has other interesting visual elements, like the email attachment icons. These included images of Duckman, David Duchovny (Fox Mulder from the X-Files) and Groucho Marx.

The original deletes various types of files in the root, Windows and System folders, destroying the operating system. Later variants could be anything from mildly annoying, like the G, I and J variants that simply delete MP3 files, to extremely dangerous, like the M variant, which deletes all files on certain drives.

Featured Video

Yaha is a worm with many variants, all based on the original worm, but with some different features added to later versions. Some variants of the worm were created (and possibly continue to be created) in a cyber-war between hackers of India and Pakistan. The worm allegedly caused over $10 billion in damages.

Many of its variants appear as a Valentine's Day message to entice victims to download and execute the attachment. The attachment itself is often an executable with a heart icon. Most variants display some kind of screensaver with a sickeningly sweet message.

In addition to the war between Pakistani and Indian hackers, the coder of Yaha had a brush with Belgian coder Gigabyte. Yaha's coder abused her website, so she coded Yahasux, which attacks some variants of Yaha.